CVE-2024-47079

Unauthorized usage of remote hardware module because of missing channel verification

Description

Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not have proper checks to ensure a remote hardware control message was received should be considered valid. This issue has been addressed in release version 2.5.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.

INFO

Published Date :

2024-10-07T19:55:51.142Z

Last Modified :

2024-10-07T20:19:33.259Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2024-47079 vulnerability.

Vendors	Products
Meshtastic	Firmware Meshtastic Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47079.

URL	Resource
https://github.com/meshtastic/firmware/security/advisories/GHSA-h8mh-p4r3-4jv7

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact